<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Native user authentication | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'native-realm.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/native-realm.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/native-realm.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/native-realm.html" rel="nofollow" target="_blank">../en/native-realm.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="secure-cluster.html">Secure a cluster</a></span>
»
<span class="breadcrumb-link"><a href="setting-up-authentication.html">User authentication</a></span>
»
<span class="breadcrumb-node">Native user authentication</span>
</div>
<div class="navheader">
<span class="prev">
<a href="ldap-realm.html">« LDAP user authentication</a>
</span>
<span class="next">
<a href="oidc-realm.html">OpenID Connect authentication »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="native-realm"></a>Native user authentication<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/authentication/native-realm.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>The easiest way to manage and authenticate users is with the internal <code class="literal">native</code>
realm. You can use the REST APIs or Kibana to add and remove users, assign user
roles, and manage user passwords.</p>
<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="native-realm-configuration"></a>Configuring a native realm<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/authentication/native-realm.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The native realm is available by default when no other realms are
configured. If other realm settings have been configured in <code class="literal">elasticsearch.yml</code>,
you must add the native realm to the realm chain.</p>
<p>You can configure a <code class="literal">native</code> realm in the <code class="literal">xpack.security.authc.realms.native</code>
namespace in <code class="literal">elasticsearch.yml</code>.
Explicitly configuring a native realm enables you to set the order in which it
appears in the realm chain, temporarily disable the realm, and control its
cache options.</p>
<div class="olist orderedlist">
<ol class="orderedlist">
<li class="listitem">
<p>Add a realm configuration to <code class="literal">elasticsearch.yml</code> under the
<code class="literal">xpack.security.authc.realms.native</code> namespace. It is recommended that you
explicitly set the <code class="literal">order</code> attribute for the realm.</p>
<div class="note admon">
<div class="icon"></div>
<div class="admon_content">
<p>You can configure only one native realm on Elasticsearch nodes.</p>
</div>
</div>
<p>See <a class="xref" href="security-settings.html#ref-native-settings" title="Native realm settings">Native realm settings</a> for all of the options you can set for the <code class="literal">native</code> realm.
For example, the following snippet shows a <code class="literal">native</code> realm configuration that
sets the <code class="literal">order</code> to zero so the realm is checked first:</p>
<div class="pre_wrapper lang-yaml">
<pre class="programlisting prettyprint lang-yaml">xpack:
  security:
    authc:
      realms:
        native:
          native1:
            order: 0</pre>
</div>
<div class="note admon">
<div class="icon"></div>
<div class="admon_content">
<p>To limit exposure to credential theft and mitigate credential compromise,
the native realm stores passwords and caches user credentials according to
security best practices. By default, a hashed version of user credentials
is stored in memory, using a salted <code class="literal">sha-256</code> hash algorithm and a hashed
version of passwords is stored on disk salted and hashed with the <code class="literal">bcrypt</code>
hash algorithm. To use different hash algorithms, see <a class="xref" href="security-settings.html#hashing-settings" title="User cache and password hash algorithms">User cache and password hash algorithms</a>.</p>
</div>
</div>
</li>
<li class="listitem">
Restart Elasticsearch.
</li>
</ol>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="managing-native-users"></a>Managing native users<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/authentication/native-realm.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The Elastic Stack security features enable you to easily manage users in Kibana on the
<span class="strong strong"><strong>Management / Security / Users</strong></span> page.</p>
<p>Alternatively, you can manage users through the <code class="literal">user</code> API. For more
information and examples, see
<a href="security-api.html#security-user-apis" class="ulink" target="_top">user management APIs</a>.</p>
<div class="note admon">
<div class="icon"></div>
<div class="admon_content">
<a id="migrating-from-file"></a>
<p>To migrate file-based users to the <code class="literal">native</code> realm, use the
<a href="migrate-tool.html" class="ulink" target="_top">migrate tool</a>.</p>
</div>
</div>
</div>

</div>
<div class="navfooter">
<span class="prev">
<a href="ldap-realm.html">« LDAP user authentication</a>
</span>
<span class="next">
<a href="oidc-realm.html">OpenID Connect authentication »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>